cheers
luke
;**********************************************************************************************************
ANALYSIS: 2008-04-17 19:32:24
PROTECTIONS: 1
MALWARE: 41
SUSPECTS: 1
;**********************************************************************************************************
PROTECTIONS
Description Version Active Updated
;=======================================================================
AVG 7.5.524 7.5.524 Yes Yes
;=========================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=======================================================================
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install.1
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\lydgyrpx.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\ltzmapof.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\kyubpsti.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\mmzvjotx.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\noagpora.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\rjxagsok.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\kpnsmitt.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\2 noun.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\Dart five.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\defaultgrid.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\Dumb Drv.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\grim sect.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\NEWSETUP.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\program link.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\supportsign.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\transthe.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\Vga Team.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\bootryvr.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\daxarwdp.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\dkjgkwrh.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\dzltkxst.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\hxecrnyn.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\jpgqghcv.exe
00048936 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\m\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-645f4c2c-75266df4.class
00063168 spyware/dluca Spyware No 1 Yes No hkey_current_user\software\sp2ctr
00063168 spyware/dluca Spyware No 1 Yes No hkey_current_user\software\program info
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.casalemedia.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@atdmt[1].txt
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.ccbill.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.belnk.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@com[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.xiti.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@bs.serving-sys[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@advertising[1].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.adopt.hbmediapro.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@ads.pointroll[1].txt
00173905 Cookie/Xmts TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.xmts.net/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@adrevolver[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.go.com/]
00200583 adware/block-checker Adware No 1 Yes No c:\windows\system32\ustart.exe
00213191 dialer.dgi Dialers No 0 Yes No hkey_local_machine\software\mpb
00213191 dialer.dgi Dialers No 0 Yes No hkey_current_user\software\mpb
00217978 application/errorguard HackTools No 0 Yes No hkey_classes_root\clsid\{205ff73b-ca67-11d5-99dd-444553540006}
00217978 application/errorguard HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{205ff73b-ca67-11d5-99dd-444553540006}
00268735 Adware/Webdir Adware No 0 No No C:\Documents and Settings\m\Desktop\AVIMoviePlayer50.exe[IECodecPlg.dll]
00268735 Adware/Webdir Adware No 0 Yes No C:\WINDOWS\IECodecPlg.dll
00596566 Adware/ActiveSearch Adware No 0 No No C:\Program Files\Morpheus\morpheustoolbar.exe[morpheustoolbar.dll]
00895808 Generic Trojan Virus/Trojan No 0 Yes Yes C:\WINDOWS\Downloaded Program Files\Install.dll
01346783 Adware/VideoAccess Adware No 1 Yes No C:\Program Files\VideoAccessCodec\Uninstall.exe
01346783 Adware/VideoAccess Adware No 1 Yes No C:\QooBox\Quarantine\C\Program Files\VideoAccessCodec\Uninstall.exe.vir
01941633 Application/SpyBouncer HackTools No 0 No No C:\WINDOWS\Downloaded Installations\{33242EA1-7ED8-4C4F-A3CE-B9E8EC606EF1}\SpyBouncer.msi[unk_0084][delmod.dll]
01942368 Exploit/Gimsh.A HackTools No 0 Yes No C:\Documents and Settings\m\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-220fecef-3ac26b3a.zip[BaaaaBaa.class]
02183986 Trj/Banker.FWD Virus/Trojan No 1 No No C:\System Volume Information\_restore{237EC1CF-1EE2-466A-BD3B-9D742C615F47}\RP307\A0331259.exe[AviPlayer.exe]
02384441 Application/Morpheus Spyware No 0 Yes No C:\Program Files\Morpheus\morpheustoolbar.exe
02510759 Application/SpyBouncer HackTools No 0 No No C:\WINDOWS\Downloaded Installations\{33242EA1-7ED8-4C4F-A3CE-B9E8EC606EF1}\SpyBouncer.msi[unk_0084][delQueue.exe]
02899550 Application/SpywareSecure HackTools No 0 Yes No C:\Documents and Settings\m\Local Settings\Temp\4o6y1ihk.exe
02911205 Adware/AntiSpywareDeluxe Adware No 0 Yes No C:\System Volume Information\_restore{237EC1CF-1EE2-466A-BD3B-9D742C615F47}\RP307\A0331264.exe
;===============================================================================
SUSPECTS
Sent Location
;=========================================================
No C:\WINDOWS\SYSTEM32\YOBKSF.EXE ^
;=======================================================
VULNERABILITIES
Id Severity Description ^
;===================================================
184380 MEDIUM MS08-002 ^
184379 MEDIUM MS08-001 ^
182048 HIGH MS07-069 ^
182046 HIGH MS07-067 ^
182043 HIGH MS07-064 ^
179553 HIGH MS07-061 ^
176382 HIGH MS07-057 ^
176383 HIGH MS07-058 ^
170911 HIGH MS07-050 ^
170907 HIGH MS07-046 ^
170906 HIGH MS07-045 ^
170904 HIGH MS07-043 ^
164915 HIGH MS07-035 ^
164913 HIGH MS07-033 ^
164911 HIGH MS07-031 ^
160623 HIGH MS07-027 ^
157262 HIGH MS07-022 ^
157261 HIGH MS07-021 ^
157260 HIGH MS07-020 ^
157259 HIGH MS07-019 ^
156477 HIGH MS07-017 ^
150253 HIGH MS07-016 ^
150249 HIGH MS07-013 ^
150248 HIGH MS07-012 ^
150247 HIGH MS07-011 ^
150243 HIGH MS07-008 ^
150242 HIGH MS07-007 ^
150241 MEDIUM MS07-006 ^
141034 HIGH MS06-076 ^
141033 MEDIUM MS06-075 ^
141030 HIGH MS06-072 ^
137571 HIGH MS06-070 ^
137568 HIGH MS06-067 ^
133387 MEDIUM MS06-065 ^
133386 MEDIUM MS06-064 ^
133385 MEDIUM MS06-063 ^
133379 HIGH MS06-057 ^
131654 HIGH MS06-055 ^
129977 MEDIUM MS06-053 ^
129976 MEDIUM MS06-052 ^
126093 HIGH MS06-051 ^
126092 MEDIUM MS06-050 ^
126087 HIGH MS06-046 ^
126086 MEDIUM MS06-045 ^
126083 HIGH MS06-042 ^
126082 HIGH MS06-041 ^
126081 HIGH MS06-040 ^
123421 HIGH MS06-036 ^
123420 HIGH MS06-035 ^
120825 MEDIUM MS06-032 ^
120823 MEDIUM MS06-030 ^
120818 HIGH MS06-025 ^
120815 HIGH MS06-022 ^
120814 HIGH MS06-021 ^
117384 MEDIUM MS06-018 ^
114666 HIGH MS06-015 ^
114664 HIGH MS06-013 ^
108744 MEDIUM MS06-008 ^
108743 MEDIUM MS06-007 ^
108742 MEDIUM MS06-006 ^
104567 HIGH MS06-002 ^
104237 HIGH MS06-001 ^
96574 HIGH MS05-053 ^
93395 HIGH MS05-051 ^
93394 HIGH MS05-050 ^
93454 MEDIUM MS05-049 ^
;============================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:13, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\DOCUME~1\m\LOCALS~1\Temp\update.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: load=C:\WINDOWS\system32\exfitnxcik\winlogon.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1081FC63-E698-C755-D3A4-7344C3B8B186} - C:\DOCUME~1\m\APPLIC~1\GREYTR~1\face bend.exe (file missing)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\tbu11A\MORPHE~1.DLL (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_SA2.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P35 "EPSON Stylus DX3800 Series (Copy 1)" /O5 "LPT1:" /M "Stylus DX3800"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S451.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copy 1) (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S453.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S455.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Microsoft] sxe7E.tmp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProxyFirewall] D:\Program Files\ProxyFirewall\ProxyFirewall.exe
O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
O4 - HKCU\..\Run: [Update] "C:\DOCUME~1\m\LOCALS~1\Temp\update.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: winlogon.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\sy… [HijackThis log appears truncated here; the rest of the O10 entry and any later sections were not pasted]
PROTECTIONS (the scan report from here on appears to be a duplicate paste of the same report shown above)
Description Version Active Updated
;=======================================================================
AVG 7.5.524 7.5.524 Yes Yes
;=========================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=======================================================================
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install.1
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\lydgyrpx.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\ltzmapof.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\kyubpsti.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\mmzvjotx.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\noagpora.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\rjxagsok.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\kpnsmitt.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\2 noun.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\Dart five.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\defaultgrid.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\Dumb Drv.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\grim sect.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\NEWSETUP.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\program link.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\supportsign.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\transthe.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\Vga Team.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\bootryvr.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\daxarwdp.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\dkjgkwrh.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\dzltkxst.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\hxecrnyn.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\jpgqghcv.exe
00048936 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\m\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-645f4c2c-75266df4.class
00063168 spyware/dluca Spyware No 1 Yes No hkey_current_user\software\sp2ctr
00063168 spyware/dluca Spyware No 1 Yes No hkey_current_user\software\program info
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.casalemedia.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@atdmt[1].txt
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.ccbill.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.belnk.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@com[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.xiti.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@bs.serving-sys[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@advertising[1].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.adopt.hbmediapro.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@ads.pointroll[1].txt
00173905 Cookie/Xmts TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.xmts.net/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@adrevolver[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.go.com/]
00200583 adware/block-checker Adware No 1 Yes No c:\windows\system32\ustart.exe
00213191 dialer.dgi Dialers No 0 Yes No hkey_local_machine\software\mpb
00213191 dialer.dgi Dialers No 0 Yes No hkey_current_user\software\mpb
00217978 application/errorguard HackTools No 0 Yes No hkey_classes_root\clsid\{205ff73b-ca67-11d5-99dd-444553540006}
00217978 application/errorguard HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{205ff73b-ca67-11d5-99dd-444553540006}
00268735 Adware/Webdir Adware No 0 No No C:\Documents and Settings\m\Desktop\AVIMoviePlayer50.exe[IECodecPlg.dll]
00268735 Adware/Webdir Adware No 0 Yes No C:\WINDOWS\IECodecPlg.dll
00596566 Adware/ActiveSearch Adware No 0 No No C:\Program Files\Morpheus\morpheustoolbar.exe[morpheustoolbar.dll]
00895808 Generic Trojan Virus/Trojan No 0 Yes Yes C:\WINDOWS\Downloaded Program Files\Install.dll
01346783 Adware/VideoAccess Adware No 1 Yes No C:\Program Files\VideoAccessCodec\Uninstall.exe
01346783 Adware/VideoAccess Adware No 1 Yes No C:\QooBox\Quarantine\C\Program Files\VideoAccessCodec\Uninstall.exe.vir
01941633 Application/SpyBouncer HackTools No 0 No No C:\WINDOWS\Downloaded Installations\{33242EA1-7ED8-4C4F-A3CE-B9E8EC606EF1}\SpyBouncer.msi[unk_0084][delmod.dll]
01942368 Exploit/Gimsh.A HackTools No 0 Yes No C:\Documents and Settings\m\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-220fecef-3ac26b3a.zip[BaaaaBaa.class]
02183986 Trj/Banker.FWD Virus/Trojan No 1 No No C:\System Volume Information\_restore{237EC1CF-1EE2-466A-BD3B-9D742C615F47}\RP307\A0331259.exe[AviPlayer.exe]
02384441 Application/Morpheus Spyware No 0 Yes No C:\Program Files\Morpheus\morpheustoolbar.exe
02510759 Application/SpyBouncer HackTools No 0 No No C:\WINDOWS\Downloaded Installations\{33242EA1-7ED8-4C4F-A3CE-B9E8EC606EF1}\SpyBouncer.msi[unk_0084][delQueue.exe]
02899550 Application/SpywareSecure HackTools No 0 Yes No C:\Documents and Settings\m\Local Settings\Temp\4o6y1ihk.exe
02911205 Adware/AntiSpywareDeluxe Adware No 0 Yes No C:\System Volume Information\_restore{237EC1CF-1EE2-466A-BD3B-9D742C615F47}\RP307\A0331264.exe
;===============================================================================
SUSPECTS
Sent Location
;=========================================================
No C:\WINDOWS\SYSTEM32\YOBKSF.EXE ^
;=======================================================
VULNERABILITIES
Id Severity Description ^
;===================================================
184380 MEDIUM MS08-002 ^
184379 MEDIUM MS08-001 ^
182048 HIGH MS07-069 ^
182046 HIGH MS07-067 ^
182043 HIGH MS07-064 ^
179553 HIGH MS07-061 ^
176382 HIGH MS07-057 ^
176383 HIGH MS07-058 ^
170911 HIGH MS07-050 ^
170907 HIGH MS07-046 ^
170906 HIGH MS07-045 ^
170904 HIGH MS07-043 ^
164915 HIGH MS07-035 ^
164913 HIGH MS07-033 ^
164911 HIGH MS07-031 ^
160623 HIGH MS07-027 ^
157262 HIGH MS07-022 ^
157261 HIGH MS07-021 ^
157260 HIGH MS07-020 ^
157259 HIGH MS07-019 ^
156477 HIGH MS07-017 ^
150253 HIGH MS07-016 ^
150249 HIGH MS07-013 ^
150248 HIGH MS07-012 ^
150247 HIGH MS07-011 ^
150243 HIGH MS07-008 ^
150242 HIGH MS07-007 ^
150241 MEDIUM MS07-006 ^
141034 HIGH MS06-076 ^
141033 MEDIUM MS06-075 ^
141030 HIGH MS06-072 ^
137571 HIGH MS06-070 ^
137568 HIGH MS06-067 ^
133387 MEDIUM MS06-065 ^
133386 MEDIUM MS06-064 ^
133385 MEDIUM MS06-063 ^
133379 HIGH MS06-057 ^
131654 HIGH MS06-055 ^
129977 MEDIUM MS06-053 ^
129976 MEDIUM MS06-052 ^
126093 HIGH MS06-051 ^
126092 MEDIUM MS06-050 ^
126087 HIGH MS06-046 ^
126086 MEDIUM MS06-045 ^
126083 HIGH MS06-042 ^
126082 HIGH MS06-041 ^
126081 HIGH MS06-040 ^
123421 HIGH MS06-036 ^
123420 HIGH MS06-035 ^
120825 MEDIUM MS06-032 ^
120823 MEDIUM MS06-030 ^
120818 HIGH MS06-025 ^
120815 HIGH MS06-022 ^
120814 HIGH MS06-021 ^
117384 MEDIUM MS06-018 ^
114666 HIGH MS06-015 ^
114664 HIGH MS06-013 ^
108744 MEDIUM MS06-008 ^
108743 MEDIUM MS06-007 ^
108742 MEDIUM MS06-006 ^
104567 HIGH MS06-002 ^
104237 HIGH MS06-001 ^
96574 HIGH MS05-053 ^
93395 HIGH MS05-051 ^
93394 HIGH MS05-050 ^
93454 MEDIUM MS05-049 ^
;============================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:13, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\DOCUME~1\m\LOCALS~1\Temp\update.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: load=C:\WINDOWS\system32\exfitnxcik\winlogon.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1081FC63-E698-C755-D3A4-7344C3B8B186} - C:\DOCUME~1\m\APPLIC~1\GREYTR~1\face bend.exe (file missing)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\tbu11A\MORPHE~1.DLL (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_SA2.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P35 "EPSON Stylus DX3800 Series (Copy 1)" /O5 "LPT1:" /M "Stylus DX3800"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S451.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copy 1) (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S453.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S455.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Microsoft] sxe7E.tmp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProxyFirewall] D:\Program Files\ProxyFirewall\ProxyFirewall.exe
O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
O4 - HKCU\..\Run: [Update] "C:\DOCUME~1\m\LOCALS~1\Temp\update.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: winlogon.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\sy